Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3452 matches found

WPVulnDB
WPVulnDBadded 2024/06/11 12:0 a.m.14 views

EazyDocs < 2.5.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC The PoC will be displayed on June...

5.9AI score0.00306EPSS
Exploits2Affected Software1
NVD
NVDadded 2024/06/07 6:15 a.m.12 views

CVE-2024-4756

The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4CVSS0.00228EPSS
Exploits2References1
OSV
OSVadded 2024/06/07 6:15 a.m.1 views

CVE-2024-4756

The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4CVSS5.8AI score
Exploits0References1
OSV
OSVadded 2024/06/07 6:15 a.m.1 views

CVE-2024-4621

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example ...

4.8CVSS5.8AI score0.0017EPSS
Exploits2References1
CVE
CVEadded 2024/06/07 6:0 a.m.62 views

CVE-2024-4621

CVE-2024-4621 affects ARForms – Premium WordPress Form Builder Plugin prior to version 6.6. The issue is a Stored XSS vulnerability caused by insufficient sanitisation/escaping of certain plugin settings, potentially allowing high-privilege users (e.g., admins) to inject scripts even when unfilte...

4.8CVSS4.9AI score0.0017EPSS
Exploits2References1Affected Software1
Cvelist
Cvelistadded 2024/06/07 6:0 a.m.14 views

CVE-2024-4756 WP Backpack <= 2.1 - Admin+ Stored XSS

The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00228EPSS
Exploits2References1
Vulnrichment
Vulnrichmentadded 2024/06/07 6:0 a.m.21 views

CVE-2024-4756 WP Backpack <= 2.1 - Admin+ Stored XSS

The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.6AI score0.00228EPSS
Exploits2References1
OSV
OSVadded 2024/06/06 2:15 a.m.1 views

CVE-2024-4942

The Custom Dash plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.8CVSS5.9AI score0.00186EPSS
Exploits0References2
WPVulnDB
WPVulnDBadded 2024/06/05 12:0 a.m.11 views

Video Widget <= 1.2.3 - Admin+ Stored XSS via Widget

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add a "Video Widget" to a widge...

5AI score0.00148EPSS
Exploits2
WPVulnDB
WPVulnDBadded 2024/06/05 12:0 a.m.11 views

Frontend Checklist <= 2.3.2 - Admin+ Stored XSS via Items

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add a checklist and for an item...

5.5AI score0.0015EPSS
Exploits2
NVD
NVDadded 2024/05/31 6:15 a.m.10 views

CVE-2024-4469

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations...

7.5CVSS9.4AI score0.00687EPSS
Exploits2References1
OSV
OSVadded 2024/05/31 6:15 a.m.1 views

CVE-2024-4469

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations...

7.5CVSS5.7AI score0.00687EPSS
Exploits2References1
Cvelist
Cvelistadded 2024/05/31 6:0 a.m.15 views

CVE-2024-4469 Migration Backup Restore < 3.5.0 - Admin+ SSRF

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations...

9.4AI score0.00687EPSS
Exploits2References1
CVE
CVEadded 2024/05/31 6:0 a.m.3218 views

CVE-2024-4469

CVE-2024-4469 affects the WP STAGING WordPress Backup Plugin (pre-3.5.0). An administrator can trigger server-side request forgery (SSRF) which may impact multisite setups. The issue is mitigated/solved by upgrading to version 3.5.0 or later (patch).

7.5CVSS6.5AI score0.00687EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichmentadded 2024/05/31 6:0 a.m.10 views

CVE-2024-4469 Migration Backup Restore < 3.5.0 - Admin+ SSRF

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations...

6.6AI score0.00687EPSS
Exploits2References1
WPVulnDB
WPVulnDBadded 2024/05/31 12:0 a.m.15 views

CB (legacy) <= 0.9.4.18 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...

4.9AI score0.0017EPSS
Exploits2
Positive Technologies
Positive Technologiesadded 2024/05/31 12:0 a.m.9 views

PT-2024-31213 · WordPress · Wp Staging

Name of the Vulnerable Software and Affected Versions: WP STAGING WordPress Backup Plugin versions prior to 3.5.0 Description: The issue allows users with the administrator role to conduct SSRF attacks, which may be problematic in multisite configurations. This is due to the lack of prevention of...

7.5CVSS6.2AI score0.00687EPSS
Exploits2References4
WPVulnDB
WPVulnDBadded 2024/05/31 12:0 a.m.16 views

Widget Bundle <= 2.0.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Enable the "Text Form" widget...

5.4AI score0.00323EPSS
Exploits2
WPVulnDB
WPVulnDBadded 2024/05/31 12:0 a.m.12 views

PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...

5.4AI score0.00171EPSS
Exploits2
WPVulnDB
WPVulnDBadded 2024/05/31 12:0 a.m.16 views

Google CSE <= 1.0.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...

5.4AI score0.00085EPSS
Exploits2
Rows per page
Query Builder